From c685c05ff413867114e6029ea182732d40fe1a64 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Sun, 14 Jul 2019 10:40:04 -0700 Subject: Fix cylinder gas type saving when we have bogus gas use data Steve Williams reported a crash when saving a previously loaded dive as xml, and gave a gdb backtrace. It turns out that if we can't parse the cylinder use type (OC, diluent, oxygen, unused) we initialize the cylinder use to an invalid type, and then when we save it, we mess up. Fix it up by doing proper limit checking before accessing the "cylinderuse_text[]" array when saving. Reported-by: Steve Signed-off-by: Linus Torvalds --- core/dive.c | 2 +- core/dive.h | 2 +- core/save-git.c | 5 +++-- core/save-xml.c | 5 +++-- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/core/dive.c b/core/dive.c index 97d82821c..b53982066 100644 --- a/core/dive.c +++ b/core/dive.c @@ -23,7 +23,7 @@ * here */ struct dive displayed_dive; -const char *cylinderuse_text[] = { +const char *cylinderuse_text[NUM_GAS_USE] = { QT_TRANSLATE_NOOP("gettextFromC", "OC-gas"), QT_TRANSLATE_NOOP("gettextFromC", "diluent"), QT_TRANSLATE_NOOP("gettextFromC", "oxygen"), QT_TRANSLATE_NOOP("gettextFromC", "not used") }; diff --git a/core/dive.h b/core/dive.h index e9bb926ae..ca42406d5 100644 --- a/core/dive.h +++ b/core/dive.h @@ -23,7 +23,7 @@ extern int last_xml_version; enum divemode_t {OC, CCR, PSCR, FREEDIVE, NUM_DIVEMODE, UNDEF_COMP_TYPE}; // Flags (Open-circuit and Closed-circuit-rebreather) for setting dive computer type -extern const char *cylinderuse_text[]; +extern const char *cylinderuse_text[NUM_GAS_USE]; extern const char *divemode_text_ui[]; extern const char *divemode_text[]; diff --git a/core/save-git.c b/core/save-git.c index 9702260a2..2b50fe7f7 100644 --- a/core/save-git.c +++ b/core/save-git.c 
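Review bot: Sizing `cylinderuse_text` with `NUM_GAS_USE` in core/dive.c (and in the matching extern in core/dive.h) means that a gas-use value added later without a matching string leaves a NULL slot, and that slot still passes the `use < NUM_GAS_USE` check the savers now rely on. The four initializers visible here presumably match the current enum, which is outside the hunk, so this is a maintenance hazard and not a present bug. I would document the invariant above the definition, for example `/* Indexed by gas-use value: exactly NUM_GAS_USE entries, in enum order; a missing entry is NULL. */`.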
@@ -140,6 +140,7 @@ static void save_cylinder_info(struct membuffer *b, struct dive *dive) cylinder_t *cylinder = dive->cylinder + i; int volume = cylinder->type.size.mliter; const char *description = cylinder->type.description; + int use = cylinder->cylinder_use; put_string(b, "cylinder"); if (volume) @@ -150,8 +151,8 @@ static void save_cylinder_info(struct membuffer *b, struct dive *dive) put_gasmix(b, cylinder->gasmix); put_pressure(b, cylinder->start, " start=", "bar"); put_pressure(b, cylinder->end, " end=", "bar"); - if (cylinder->cylinder_use != OC_GAS) - put_format(b, " use=%s", cylinderuse_text[cylinder->cylinder_use]); + if (use > OC_GAS && use < NUM_GAS_USE) + show_utf8(b, " use=", cylinderuse_text[use], ""); if (cylinder->depth.mm != 0) put_milli(b, " depth=", cylinder->depth.mm, "m"); put_string(b, "\n"); diff --git a/core/save-xml.c b/core/save-xml.c index 0af114ba0..da7b4738b 100644 --- a/core/save-xml.c +++ b/core/save-xml.c @@ -180,6 +180,7 @@ static void save_cylinder_info(struct membuffer *b, struct dive *dive) cylinder_t *cylinder = dive->cylinder + i; int volume = cylinder->type.size.mliter; const char *description = cylinder->type.description; + int use = cylinder->cylinder_use; put_format(b, " gasmix); put_pressure(b, cylinder->start, " start='", " bar'"); put_pressure(b, cylinder->end, " end='", " bar'"); - if (cylinder->cylinder_use != OC_GAS) - show_utf8(b, cylinderuse_text[cylinder->cylinder_use], " use='", "'", 1); + if (use > OC_GAS && use < NUM_GAS_USE) + show_utf8(b, cylinderuse_text[use], " use='", "'", 1); if (cylinder->depth.mm != 0) put_milli(b, " depth='", cylinder->depth.mm, " m'"); put_format(b, " />\n"); -- cgit v1.2.3-70-g09d2
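Review bot: The new `show_utf8(b, " use=", cylinderuse_text[use], "")` line in the second core/save-git.c hunk replaces `put_format(b, " use=%s", ...)`, which is more than the limit check the commit message describes. If this file's `show_utf8` quotes or escapes its value (its definition is outside the hunk), the stored `use=` field changes shape and the git loader has to accept the new form; a save/load round trip of a non-OC cylinder would confirm it. The argument order also differs from the core/save-xml.c call, so the two helpers presumably have different file-local signatures. If only the range check is intended, keeping `put_format(b, " use=%s", cylinderuse_text[use]);` under the new condition is the minimal change.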
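Review bot: The range check `use > OC_GAS && use < NUM_GAS_USE` in core/save-xml.c (and the identical one in core/save-git.c) stops the out-of-bounds read at save time, but the invalid `cylinder_use` that the commit message attributes to the parser stays in the in-memory dive. Any other code that indexes `cylinderuse_text[]` with that field remains exposed, and the saver omits the attribute silently, so the unparseable value disappears on the next save without a warning. I would reject or clamp the value where it is parsed (outside this diff) and add a comment at the check such as `/* out-of-range use comes from unparseable input; omit it rather than index past cylinderuse_text[] */`. `save_cylinder_info` starts and ends outside the hunk.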